I've got a single-tenant cloud service that I want to be accessible to my company's employees only. The solution has a web role and a worker role.
Web.Config:
<add key="ida:Tenant" value="MyCompany.onmicrosoft.com" />
<add key="ida:Audience" value="https://MyCompany.onmicrosoft.com/MySolutionWebRole" />
<add key="ida:ClientID" value="44421xxx-xxxx-xxxx-xxxx-xxxxxxx7024" />
<add key="ida:Password" value="i6fMxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx4Yk=" />
<add key="ida:AADInstance" value="https://login.microsoftonline.com/{0}" />
<add key="ida:PostLogoutRedirectUri" value="https://localhost:44322/" />
Also, I have the same settings in Cloud.config:
<Setting name="ida.Tenant" value="MyCompany.onmicrosoft.com" />
<Setting name="ida.Audience" value="https://MyCompany.onmicrosoft.com/MySolutionWebRole" />
<Setting name="ida.ClientID" value="44421xxx-xxxx-xxxx-xxxx-xxxxxxx7024" />
<Setting name="ida.Password" value="i6fMxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx4Yk=" />
<Setting name="ida.AADInstance" value="https://login.microsoftonline.com/{0}" />
<Setting name="ida.PostLogoutRedirectUri" value="https://localhost:44322/" />
Moving on to Startup.Auth.cs:
using System;
using System.Configuration;
using System.Globalization;
using System.Threading.Tasks;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Values read from the ida:* appSettings in the Web.config shown above
    private static string clientId = ConfigurationManager.AppSettings["ida:ClientID"];
    private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
    private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
    private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];

    public void ConfigureAuth(IAppBuilder app)
    {
        // e.g. https://login.microsoftonline.com/MyCompany.onmicrosoft.com
        string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);

        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = authority,
                PostLogoutRedirectUri = postLogoutRedirectUri,
                RedirectUri = postLogoutRedirectUri,
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    // Surface middleware failures on the app's /Error page
                    AuthenticationFailed = context =>
                    {
                        context.HandleResponse();
                        context.Response.Redirect("/Error?message=" + context.Exception.Message);
                        return Task.FromResult(0);
                    }
                }
            });
    }
}
Finally, I've got the [Authorize] tag in my controller set up.
In the Azure Active Directory setup, I've got my cloud service registered. Application type is Web app / API, and Multi-tenanted is "No". Logout URL is set to https://localhost:44322/Account/EndSession. I have not changed or edited the Manifest.
When I try to enter the cloud service, I'm redirected to my organization login page (all well so far), but after entering the password I'm greeted by an error message.
We have problems logging you in. We received an illegal request. (freely translated)
Correlation ID: 21f4089f-1952-4f57-aead-173a66c1408d Timestamp: 2016-09-26 10:24:14Z AADSTS90093: This application requires application permissions to another application. Consent for application permissions can only be performed by an administrator. Sign out and sign in as an administrator or contact one of your organization's administrators.
The URL for the login request is as follows (the screen where I enter my password):
https://login.microsoftonline.com/fd2xxxxx-xxxx-xxxx-xxxxxxxf3f2/oauth2/authorize?client_id=444xxxxx-xxxx-xxxx-xxxxxxxx024&redirect_uri=https%3a%2f%2flocalhost%3a44322%2f&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3dYkxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I have been looking at two example solutions based on web apps found at https://github.com/Azure-Samples/active-directory-dotnet-webapp-openidconnect and https://github.com/Azure-Samples/active-directory-dotnet-webapp-multitenant-openidconnect
I'd be really grateful for any help on this matter.
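The requirement at the top of the question is that only MyCompany's employees can sign in. The configuration below is an added example written for this page, not the question's code and not code from the Azure-Samples repositories linked above; it shows the same OWIN OpenID Connect setup with the accepted tenant pinned, so that a token from any other directory is rejected even if the app registration were later switched to multi-tenant. It assumes the same ida:* Web.config keys plus one extra, ida:TenantId, holding the directory GUID (the first path segment of the authorize URL quoted above; the value here is a placeholder), the /Error route from the question, and the OWIN 3.x middleware, where TokenValidationParameters lives in System.IdentityModel.Tokens (for the 4.x middleware it is Microsoft.IdentityModel.Tokens). It does not change the AADSTS90093 consent error, which the authorize endpoint returns before any token reaches the application.

```csharp
using System;
using System.Configuration;
using System.Globalization;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Same ida:* keys as the Web.config in the question.
    private static readonly string ClientId = ConfigurationManager.AppSettings["ida:ClientID"];
    private static readonly string AadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
    private static readonly string Tenant = ConfigurationManager.AppSettings["ida:Tenant"];
    private static readonly string PostLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];

    // ASSUMED extra key (not in the question): the directory GUID of MyCompany's tenant.
    // Example Web.config line: <add key="ida:TenantId" value="00000000-0000-0000-0000-000000000000" />
    private static readonly string TenantId = ConfigurationManager.AppSettings["ida:TenantId"];

    // Claim type under which the middleware exposes the "tid" claim of an Azure AD id_token.
    private const string TenantIdClaimType = "http://schemas.microsoft.com/identity/claims/tenantid";

    public void ConfigureAuth(IAppBuilder app)
    {
        string authority = String.Format(CultureInfo.InvariantCulture, AadInstance, Tenant);

        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = ClientId,
            Authority = authority,
            PostLogoutRedirectUri = PostLogoutRedirectUri,
            RedirectUri = PostLogoutRedirectUri,

            // Issuer validation is on by default: the middleware compares the token's "iss" with the
            // issuer published at {authority}/.well-known/openid-configuration. Stating it explicitly
            // keeps a later edit from silently turning it off.
            TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true
            },

            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Runs only after signature, issuer and audience checks have passed.
                // Second line of defence: refuse any token whose tenant is not the company directory.
                SecurityTokenValidated = context =>
                {
                    ClaimsIdentity identity = context.AuthenticationTicket.Identity;
                    string tid = identity.FindFirst(TenantIdClaimType)?.Value;

                    if (!string.Equals(tid, TenantId, StringComparison.OrdinalIgnoreCase))
                    {
                        // Stop the sign-in here; no authentication cookie is issued.
                        context.HandleResponse();
                        context.Response.Redirect("/Error?message=unexpected_tenant");
                    }
                    return Task.FromResult(0);
                },

                AuthenticationFailed = context =>
                {
                    // Keep exception details in the server log rather than in the redirect URL.
                    context.HandleResponse();
                    context.Response.Redirect("/Error?message=authentication_failed");
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

The tenant check is deliberately separate from the authority: the authority string built from ida:Tenant decides where users are sent to sign in, while the tid comparison decides which issued tokens the application will accept, and the two only agree by construction in a single-tenant registration.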